Inefficient Regular Expression Complexity

CVE-2025-5889

Low

2.3/10

Summary

A vulnerability was found in juliangruber brace-expansion. It has been rated as problematic. Affected by this issue is the function "expand" of the file "index.js". The manipulation leads to Inefficient Regular Expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This issue affects brace-expansion package versions 1.0.0 through 1.1.11, 2.0.0 through 2.0.1, 3.0.0, 4.0.0. It is recommended to apply a patch to fix this issue.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: LOW

CWE-1333 - Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References

Advisory Timeline

Published Jun 09, 2025

Inefficient Regular Expression Complexity

CVE-2025-5889

Summary

CWE-1333 - Inefficient Regular Expression Complexity

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS